Lucene search

5353 matches found

UbuntuCve
added 2015/01/14 12:0 a.m., 30 views

CVE-2014-8641

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data...

7.5 CVSS, 7.3 AI score, 0.04158 EPSS
Exploits 0, References 3
UbuntuCve
added 2015/01/14 12:0 a.m., 26 views

CVE-2014-8635

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors...

7.5 CVSS, 7.2 AI score, 0.04109 EPSS
Exploits 0, References 3
Prion
added 2015/01/02 8:59 p.m., 20 views

Stack overflow

Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENSE (formerly DIVA) 2.3.13 allow remote attackers to execute arbitrary code via the (1) user or (2) password parameter in an AuthenticateUser request...

7.5 CVSS, 8.6 AI score, 0.04635 EPSS
Exploits 1, References 5, Affected Software 1
OpenVAS
added 2015/01/02 12:0 a.m., 43 views

Malwarebytes Anti-Malware < 2.0.3 'Upgrade' MITM Vulnerability - Windows

Malwarebytes Anti-Malware is prone to a man-in-the-middle (MITM) vulnerability through it...

9.3 CVSS, 6.3 AI score, 0.16784 EPSS
Exploits 6, References 2
OpenVAS
added 2015/01/02 12:0 a.m., 22 views

VLC Media Player 'real_get_rdt_chunk' BOF Vulnerability-02 (Jan 2015) - Windows

VLC media player is prone to a buffer overflow vulnerability.

7.5 CVSS, 6.7 AI score, 0.04397 EPSS
Exploits 1, References 3
UbuntuCve
added 2014/12/31 12:0 a.m., 34 views

CVE-2014-9471

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command...

7.5 CVSS, 6.9 AI score, 0.07087 EPSS
Exploits 1, References 5
Prion
added 2014/12/26 8:59 p.m., 16 views

Code injection

The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive...

7.5 CVSS, 8.4 AI score, 0.03583 EPSS
Exploits 0, References 3, Affected Software 1
Prion
added 2014/12/25 9:59 p.m., 32 views

Path traversal

Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value...

7.5 CVSS, 7.8 AI score, 0.0372 EPSS
Exploits 1, References 1, Affected Software 1
Prion
added 2014/12/24 6:59 p.m., 18 views

Buffer overflow

Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization...

10 CVSS, 8.8 AI score, 0.06026 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2014/12/24 6:0 p.m., 24 views

CVE-2014-9223

Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization...

8.1 AI score, 0.06026 EPSS
Exploits 0, References 3
Tenable Nessus
added 2014/12/22 12:0 a.m., 75 views

openSUSE Security Update : the Linux Kernel (openSUSE-SU-2014:1669-1)

The openSUSE 12.3 kernel was updated to fix security issues : This will be the final kernel update for openSUSE 13.2 during its lifetime, which ends January 4th 2015. CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by loc...

7.8 CVSS, 8.1 AI score, 0.05794 EPSS
Exploits 19, References 61
NVD
added 2014/12/19 3:59 p.m., 8 views

CVE-2014-6395

Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the...

7.5 CVSS, 8.3 AI score, 0.13056 EPSS
Exploits 4, References 5
Prion
added 2014/12/19 3:59 p.m., 13 views

Stack overflow

The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow...

7.5 CVSS, 8.6 AI score, 0.03996 EPSS
Exploits 4, References 5, Affected Software 1
Cvelist
added 2014/12/19 3:0 p.m., 18 views

CVE-2014-6396

The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location...

7.5 AI score, 0.03593 EPSS
Exploits 0, References 5
Cvelist
added 2014/12/19 3:0 p.m., 19 views

CVE-2014-9378

Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in...

7.7 AI score, 0.03909 EPSS
Exploits 4, References 6
Debian CVE
added 2014/12/19 3:0 p.m., 15 views

CVE-2014-6396

The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location...

7.5 CVSS, 7.6 AI score, 0.03593 EPSS
Exploits 0
Debian CVE
added 2014/12/19 3:0 p.m., 14 views

CVE-2014-6395

Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the...

7.5 CVSS, 8.2 AI score, 0.13056 EPSS
Exploits 4
Debian CVE
added 2014/12/19 3:0 p.m., 19 views

CVE-2014-9378

Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in...

7.5 CVSS, 7.8 AI score, 0.03909 EPSS
Exploits 4
NVD
added 2014/12/15 6:59 p.m., 18 views

CVE-2014-6052

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1)...

7.5 CVSS, 9.8 AI score, 0.06755 EPSS
Exploits 1, References 14
Cvelist
added 2014/12/15 5:27 p.m., 34 views

CVE-2014-8967

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference...

7 AI score, 0.12403 EPSS
Exploits 1, References 2